[Python-Dev] Enable Hostname and Certificate Chain Validation
Donald Stufft
donald at stufft.io
Wed Jan 22 12:42:00 CET 2014
More information about the Python-Dev mailing list
Wed Jan 22 12:42:00 CET 2014
- Previous message: [Python-Dev] Enable Hostname and Certificate Chain Validation
- Next message: [Python-Dev] Enable Hostname and Certificate Chain Validation
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Jan 22, 2014, at 6:21 AM, Paul Moore <p.f.moore at gmail.com> wrote: > 2. Your proposal is that because some application authors have not > opted in yet, we should penalise the end users of those applications > by stopping them being able to use unverified https? And don't forget, > applications that haven't opted in will have no switch to allow > unverified use. That seems to be punishing the wrong people. Another thought, if this is seriously a blocker something simple like an environment variable could be added that switches the default. Which would act as a global sort of —insecure flag for applications that don’t provide one. I really don’t like the idea of doing that, but it would be better than not validating by default. ----------------- Donald Stufft PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 801 bytes Desc: Message signed with OpenPGP using GPGMail URL: <http://mail.python.org/pipermail/python-dev/attachments/20140122/e512d2b3/attachment.sig>
- Previous message: [Python-Dev] Enable Hostname and Certificate Chain Validation
- Next message: [Python-Dev] Enable Hostname and Certificate Chain Validation
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the Python-Dev mailing list